Dive Brief:
- The U.S. Treasury Department on Friday announced sanctions against Iran’s Ministry of Intelligence and Security as well as its Minister of Intelligence for malicious cyber activity targeting the U.S. and allies globally.
- The Office of Foreign Assets Control said Iran has engaged in malicious cyber activity against government and private sector organizations, including critical infrastructure targets, since at least 2007. Threat actors linked to Iran and the MOIS launched attacks in July against computer systems of the Albanian government, a NATO ally. Albania had to suspend online services for its citizens in response to the attack.
- U.S. authorities earlier this year identified a group of advanced persistent threat actors, known as MuddyWater, active since 2018, that operates as a unit within MOIS. The group has exploited publicly known vulnerabilities to deploy ransomware, target private organizations and access sensitive data on computer systems.
Dive Insight:
The designation comes at a time of heightened tension between Iran and the U.S. and its allies. President Joe Biden recently took military action against Iran-linked groups in Syria and talks have intensified in recent weeks in an attempt to renegotiate the Iran nuclear deal.
“MOIS carries out cyber espionage and disruptive ransomware attacks on behalf of the Iranian government in parallel with the other Iranian security services, the Islamic Revolutionary Guard Corps,” John Hultquist, VP at Mandiant Threat Intelligence, said in a statement. “They are largely focused on classic espionage targets such as governments and dissidents, and they have been found targeting upstream sources of intelligence like telecommunications firms and companies with potentially valuable personal identifiable information.”
Mandiant linked a new APT actor, called APT42, to the intelligence service of Iran’s Islamic Revolutionary Guard Corps in a report released last week. The actor, which was previously tracked as UNC788, has targeted dissidents and organizations considered to be opponents of Iran around the world.
The newly identified APT actor is unrelated to the activity currently sanctioned by the Treasury Department, according to a Mandiant spokesperson.
The group has engaged in credential harvesting through spear phishing campaigns against corporate and individual targets, surveillance, and malware deployment, according to Mandiant.